Introduction

This article presents a very small scale blog engine using ASP.NET and SQLServer. The idea here is to understand how a rudimentary blog engine can be implemented with proper architecture.

Background

I have been a C++ programmer for 5 years writing core applications mainly dealing with graphics, multimedia and networking domain. After that, I started writing Windows applications using C# and WPF. Recently, I started writing websites using ASP.NET/C#/SqlServer. On this recent project, I got a chance to learn a lot about web development. Here I am taking care of one particular service starting from its Data layer to its presentation layer. Although the architecture here is not following a strict n-tier approach, that didn't stop me from learning and implementing the n-tier architecture for web applications. When my wife asked me about how things work in ASP.NET (she is more of a web designer than a developer), I created this small blog engine to explain to her the basics of ASP.NET websites and n-tier architecture.

Using the Code

We have tried to follow a proper n-tier architecture. The bottom most layer is the Data layer which contains the tables and stored procedures of SqlServer. On top of that, we have a Data Access Layer (DAL). This Data access layer is created as a separate solution so that the changes in DAL only need the recompilation of DAL and not the complete website. Also the changes in other areas outside this solution will not demand for DAL recompilation. On top of DAL, we have our Business Logic Layer(BLL). It is also in a separate solution for the same reason, and the Presentation layer is a website containing ASP.NET pages running on top of BLL.

The Data Layer

The first thing we need to do is to plan out the database schema that we will be using. Here is the snapshot of the database schema that I created.

Along with the schema, I also created few stored procedures for common operations on database. I like the idea of having stored procedures for all database operations as it is the most secure way of accessing the database (from the perspective of SQL injection). If you ask me, the best way to implement the DB operations is:

Stored procedures

Executing Parametrizec commands

Dynamically creating queries by string concatenation (only when I absolutely have to because this is the worst way so I usually avoid it)

So the stored procedures that we have in this application are:

The Data Access Layer(DAL)

The data access layer talks to the database, retrieves the results and passes it to the business logic layer in the form of DataSets or DataTables. The DAL contains the following classes:

The respective classes in this DAL are responsible for talking to the respective database tables. The common functions are moved inside the class Functions.

The Business Logic Layer(BLL)

The BLL takes care of manipulating the data as per the request from the user interface, have some additional checks and operations that need to be performed. The main classes in our BLL are:

The Presentation Layer

The presentation layer contains the web forms that the user can access. The presentation layer is divided in two areas, one for the normal users to browse through the blog entries and the other for the administrator to add/change blog entries, categories and/or metadata. (Please see the source for detailed implementation.) I have not used the forms authentication or Windows authentication for this small website rather I am keeping track of users in my databases and authenticating and authorizing then programmatically. This was a design decision I made (perhaps not a good one) but more elegant solutions can be implemented too (since the main idea here was learning data access in n-tier apps, so I didn't).

The website runs in two modes:

User mode - Simply run the website after compiling the BLL and DLL

Admin mode - Run the website. Add /admin in the URL to go to the Admin mode (USERNAME: admin, password: 12345)

Points of Interest

The idea behind this exercise was to understand and implement n-tier data access architecture for beginners. But I am ready to take suggestions and add improvements so that this engine can further be improved.

Share

About the Author

I Started my Programming career with C++. Later got a chance to develop Windows Form applications using C#. Currently using C#, ASP.NET & ASP.NET MVC to create Information Systems, e-commerce/e-governance Portals and Data driven websites.

My interests involves Programming, Website development and Learning/Teaching subjects related to Computer Science/Information Systems. IMO, C# is the best programming language and I love working with C# and other Microsoft Technologies.

When trying to debug the Code on a local machine I get the following security exception:

Security Exception
Description: The application attempted to perform an operation not allowed by the security policy. To grant this application the required permission please contact your system administrator or change the application's trust level in the configuration file.

[SqlException (0x80131904): A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server)]
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +4876431
System.Data.SqlClient.TdsParser

I am just getting the data for the selected category. How do i know the selected category? It is coming in query string of the default page. Check the page_load for default.aspx to know the actual working.

Twenty years from now you will be more disappointed by the things that you didn't do than by the ones you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore, Dream. Discover.

Thank you so much for blog code...but i am not able to login as a admin here...please let me know the username and password for admin panel...I saw in login table but password is encrypted here..please do the needful...

Great work but I've one question and advise, so please don't get me wrong, Why are you using the old ADO.NET techniques? What about Linq to SQL, Entity Framework, NHibernate, and Micro-ORMS like Dapper and PetaPoco. It's a redundant work to build your DAL for every application, let ORM do this for you.

It's a redundant work to build your DAL for every application, let ORM do this for you.

Agree!

"Opinions are neither right nor wrong. I cannot change your opinion. I can, however, change what influences your opinion." - David CrowNever mind - my own stupidity is the source of every "problem" - Mixture

I also agree on this but the reason I took the old school approach is to

1. Target those developers where development houses have not yet moved to newer versions of technology.
2. TO explain how an ideal data access layer should be written(architecture and approach wise) be it in any technology whether ORMs are available or not.

Next month I Will put a version of this using ORM too here. (If i get some time from my real development).

Business and Presentation Layers should have loose coupling. Can i change presentation layet to Mvc. I don't think so, because your business actions require Datasource controls like Repeated and Dropdown.

Totally agree to this point. +5 for it. I will be creating a new version of this project soon which will remove all the shortcomings of this version and will keep the Data access logic separate. The idea for the new project is to have all the data access centralized in form a DLL or Data Service and then writing two separate presentation layers on top of it. One using MVC and other using Webforms.

Twenty years from now you will be more disappointed by the things that you didn't do than by the ones you did do. So throw off the bowlines. Sail away from the safe harbor. Catch the trade winds in your sails. Explore, Dream. Discover.